Episode 177: Power of Community-Developed Security Content

In episode 177 of Cybersecurity Where You Are, Tony Sager sits down with Bob Gendler, IT Specialist at the National Institute of Standards and Technology (NIST), and Edward Byrd, Senior Cybersecurity Engineer of the CIS Benchmarks® at the Center for Internet Security® (CIS®). Together, they use the open-source macOS Security Compliance Project to discuss the power of community-developed security content.

Here are some highlights from our episode:

  • 01:15. Introductions to Bob and Edward along with their first Mac devices
  • 03:24. Why CIS Benchmarks are needed for macOS
  • 05:49. The need to make security guidance a collaborative, ongoing exercise
  • 11:06. Inside the expanding community supporting the macOS Security Compliance Project
  • 16:59. A practical win: making daily security operations easier to manage
  • 21:40. An operational feedback loop of improving the CIS Benchmarks
  • 25:25. The implications of compliance pointing to assurance, not security
  • 30:53. Advice on how to prepare for an audit using the CIS Benchmarks
  • 34:18. The importance of rationale in defining reasonable cybersecurity behavior
  • 35:30. A teaser of upcoming changes and how to get involved

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.